XSS cookie logger

Thanks to system meltdown iv set up my cookie logger script, once i have someones cookies what do i do with them, i was thinking maybe..

javascript:void(document.cookie="cookies goes in here")

but i ddint have much luck, maybe its me and i got it wrong or maybe its not that at all.

if you think this is a stuipid/obvious question sorry lol, but w all have to learn it somewhere…

you're asking how to steal some1's identity you moron. :angry:

let's boost your warn level some more :happy:

wtf are you on abuot? im asking how to use a cookie…

Ignore him.

Well it depends whether you got static or dynamic cookies so to speak.

Whether they are a session ID in which they would expire and you could only hi-jack their account for a short space of time or whether the cookie (Like PHPBB forums) store the username and password, in which case, you just decrypt and log in.

There are lots of tutorials about it.

How stuff work etc

Learn about cookies and you will see how you can manipulate them.

Hope that helped =\

thanks flash, helped ALOT … it didnt have a sessionid so i dont think it was a session one.:|

if it was a session id, how would i use it?

A session ID is only valid for a limited amount of time, and if you have a copy of a valid session cookie and enter the site, you'll be logged in as that user. However, if the user logs out or the session expires, you won't be able to use the same session again.

ok but what if i had the cookie on a html file on a webpage

@the_flash's response. one thing to add to that is you don't always have to decrypt the password hash in the cookie to login. simply login with your username on the site, then change your cookies to theirs. then there is no problems about cracking the hash.

easy as that, use firefox plugins anec cookie edit